# Fundamentals 23rd-25th January

## Welcome

Welcome to the 2-day CKAD - Kubernetes Fundamentals workshop from [ControlPlane](https://control-plane.io).

Slides and exercises will be shared at the end of the course.

## TL;DR

### Links

- [Exercises](https://control.training/ckad)
- [Google Cloud Console](https://console.cloud.google.com/)
- [Google Cloud Shell](https://shell.cloud.google.com/)
- [Emojicopy](https://www.emojicopy.com/)
- [Slide Deck](https://drive.google.com/file/d/1qB-bHMUm_yKtxJ8a8Hsy8BEGWNsCjhOy/view?usp=share_link)

### Trainers

- [Sophia Mexi-Jones](mailto:sophia.mexi-jones@control-plane.io)
- [Ollie Cuffley-Hur](mailto:ollie.cuffley-hur@control-plane.io)
  - [LinkedIn](https://www.linkedin.com/in/olliecuffleyhur/)

### Feedback Forms

### Question of the day

Please ask one question using this [link](https://forms.gle/mZV1TgABkukfuywBA).

## Question

- How do I ask a question?
  - Like this, and this is how we can answer them
- This is how I ask another question?
  - At some point someone will answer this question

## Schedule

### Day 1

#### (all times are shown in GMT)

- 09:00 am - Setup
- 09:30 am - Introductions
- 09:45 am - Setting up Infrastructure
- 10:30 am - [Installing a Cluster with Kubeadm](https://control.training/ckad/modules/installing-a-cluster-with-kubeadm/)
- 10:30 am - Introduction to Kubernetes
  - Core Kubernetes Resources Slides
  - Services Slides
- 11:00 am - [Core Kubernetes Labs](https://control.training/ckad/modules/core-kubernetes/)
- 11:30 am - Core Kubernetes Lab Review
- 12:15 pm - Lunch
- 1:15 pm - Control Plane Components Slides
- 1:30 pm - [Logging and Monitoring Labs](https://control.training/ckad/modules/logging-and-monitoring-basics)
- 2:00 pm - Logging and Monitoring Labs Review
- 2:20 pm - Networking Slides
- 2:40 pm - [Networking Lab](https://control.training/ckad/modules/networking/)
- 3:15 pm - break
- 3:35 pm - Networking lab review
- 4:15 pm - Review and Questions

### Day 2

- 9:00 am - Setup
- 9:45 am - Storage Slides
- 9:45 am - [Persistent Volumes and PVCs Labs](https://control.training/ckad/modules/pv-and-pvcs/)
- 10:10 am - Persistent Volumes and PVCs Labs Review
  - Question of the Day
- 10:35 am - break
- 11:05 am - secrets slides
- 11:25 am - [Secrets Labs](https://control.training/ckad/modules/secrets/)
- 11:45 am - Secrets Labs Review
- 12:10 pm - Lunch
- 13:10 pm - Container Basics Slides
- 13:20pm - Container Fundamentals Labs
  - What is Container
  - Linux Namespaces
  - Cgroups
  - Container Lifecycle
- 13:50 pm - Labs Review
- 14:20 pm - Docker Concepts Slides
- 14:35 - Container Fundamentals Labs
  - Images & Layers
  - Building Container Images
  - Docker Container Networking
- 15:00 pm - break
- 15:20 - Multi Tenancy Slides
  - RBAC Slides
- 15:40 pm - [RBAC Labs](https://control.training/ckad/modules/kubernetes-rbac/)
- 16:00 pm - RBAC Review
- 16:15 pm - Deploying Application Slides
- 16:35 pm - Review and Questions

## Code Snippets

Any code discussed during the workshop is shared here so that it is easier to use.

### kubectl bash autocompletion

```
# Install bash-completion, then load kubectl completions in every new shell
sudo yum install bash-completion -y
echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc
```

You may need to `logout` and ssh back into your VM to get this working.

### Fix Copy&Paste into vim

```
# Write a minimal ~/.vimrc; vim reads it at startup, so it is not sourced in the shell
cat <<EOT > ~/.vimrc
set tabstop=2
set shiftwidth=2
set expandtab
EOT
```

### Fix Creating a Pod that uses the PVC yaml

```
kind: Pod
apiVersion: v1
metadata:
  name: task-pv-pod
spec:
  volumes:
    # Back the volume with the existing claim task-pv-claim
    - name: task-pv-storage
      persistentVolumeClaim:
        claimName: task-pv-claim
  containers:
    - name: task-pv-container
      image: nginx
      ports:
        - containerPort: 80
          name: "http-server"
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: task-pv-storage
  # Schedule only on nodes labelled disktype=ssd
  nodeSelector:
    disktype: ssd
```

### Fix secret pod

```
apiVersion: v1
kind: Pod
metadata:
  name: secret
spec:
  containers:
    - name: secret
      image: controlplane/secrets-demo:1.0
      env:
        # USERNAME is set from the username.txt key of the user-pass Secret
        - name: USERNAME
          valueFrom:
            secretKeyRef:
              name: user-pass
              key: username.txt
      volumeMounts:
        - name: password-volume
          mountPath: /etc/secret/
  volumes:
    # Only the password.txt key is projected, as /etc/secret/password.txt
    - name: password-volume
      secret:
        secretName: user-pass
        items:
          - key: password.txt
            path: password.txt
```

### How do I get out of vim?!

Press `esc` then:

- `:wq` to save and exit
- `:q!` to exit without saving

For more vim commands, you can go here

## Slide Links

### Container Basics

- [What is a Container?](https://www.docker.com/resources/what-container)
- [CGROUPS](https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt)
- [Demystifying namespaces and containers in Linux](https://opensource.com/article/19/10/namespaces-and-containers-linux)

### Docker Concepts

- [Best practices for writing Dockerfiles](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/)
- [tianon / dockerfiles](https://github.com/tianon/dockerfiles)
- [Lean Go Containers with Multi-Stage Dockerfiles](https://container-solutions.com/lean-go-containers-multi-stage-dockerfiles/)
- [jwilder / docker-squash](https://github.com/jwilder/docker-squash)
- [Orca build](https://github.com/cyphar/orca-build)
- [Hadolint](https://github.com/hadolint/hadolint)
- [Docker security non-events](https://docs.docker.com/engine/security/non-events/)

### Core Kubernetes Resources

- [kubectl Cheat Sheet](https://kubernetes.io/docs/reference/kubectl/cheatsheet/)
- [Configure Liveness, Readiness and Startup Probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/)
- [Container Networking From Scratch](https://static.sched.com/hosted_files/kccna18/c1/slides.pdf)
- [Understanding kubernetes networking: services](https://medium.com/google-cloud/understanding-kubernetes-networking-services-f0cb48e4cc82)
- [Learn Kubernetes Basics](https://kubernetes.io/docs/tutorials/kubernetes-basics/)
- [The Almighty Pause Container](https://www.ianlewis.org/en/almighty-pause-container)
- [Minikube](https://minikube.sigs.k8s.io/docs/start/)

### Control Plane Introduction

- [API server ports and IPs](https://kubernetes.io/docs/reference/access-authn-authz/controlling-access/#api-server-ports-and-ips)
- [Runway Model Raft](https://runway.systems/?model=github.com/ongardie/runway-model-raft#)
- [Kubernetes High Availability: No Single Point of Failure](https://thenewstack.io/kubernetes-high-availability-no-single-point-of-failure/)
- [Kube Ops View](https://codeberg.org/hjacobs/kube-ops-view)
- [What happens when ... Kubernetes edition!](https://github.com/jamiehannaford/what-happens-when-k8s)
- [Kubernetes Networking: How to Write Your Own CNI Plug-in with Bash](https://www.altoros.com/blog/kubernetes-networking-writing-your-own-simple-cni-plug-in-with-bash/)
- [Kubernetes the Hard Way](https://github.com/kelseyhightower/kubernetes-the-hard-way)
- [Snap Inc EKS Architecture](https://www.youtube.com/watch?v=Cgv0kfp_6xQ)

### Networking

- https://kubernetes.io/docs/concepts/services-networking/ingress/

### Storage

- https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes

### Secrets

- https://external-secrets.io/
- https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets
- https://www.eksworkshop.com/beginner/191_secrets/
- https://kubernetes.io/docs/tasks/administer-cluster/kms-provider
- https://spiffe.io/docs/latest/spiffe-about/overview/

### RBAC

- https://schd.ws/hosted_files/kccncna17/5b/Effective%20RBAC.pdf
- https://speakerdeck.com/ericchiang/kubecon-2016-kubernetes-auth-and-access-control
- https://github.com/liggitt/audit2rbac
- https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings
- https://medium.com/@noqcks/kubernetes-audit-logging-introduction-464a34a53f6c
- https://blog.heptio.com/security-matters-rbac-in-kubernetes-e369b483c8d8
- https://www.youtube.com/watch?v=ryeINNfVOi8
- https://github.com/uruddarraju/kubernetes-rbac-policies

### Multitenancy

- https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
- https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- https://cloud.google.com/kubernetes-engine/docs/concepts/multitenancy-overview
- https://platform9.com/blog/kubernetes-multi-tenancy-best-practices/

## Training links

> References to tools during training:

- [Distroless](https://github.com/GoogleContainerTools/distroless)
- [kubectx](https://github.com/ahmetb/kubectx) - helps manage which cluster/namespace you're connected to
- [dive](https://github.com/wagoodman/dive) - review the images that you've pulled down
- [k9s](https://k9scli.io/)
- [Strangler Fig Pattern](https://martinfowler.com/bliki/StranglerFigApplication.html)
- [Hacking Kubernetes](https://control-plane.io/hackingkubernetes)
- [Threat Modelling Kubernetes](https://www.youtube.com/watch?v=gkXoYFKqQkE)